Cyber Incident Victim: The Berwyn Group
Date:
May 2023
Location:
United States of America
Summary
A cybersecurity incident impacted PBI Research Services through a vulnerability in Progress Software's MOVEit file transfer application, affecting a limited number of clients utilizing the administrative portal. Unauthorized actors accessed private records during the breach, though the organization's core systems remained uncompromised. Following the attack, immediate remediation efforts included patching the software, engaging cybersecurity experts, notifying federal law enforcement agencies, and directly contacting affected clients to address the exposure of sensitive data. The incident formed part of a broader global cyberattack targeting multiple entities across government, healthcare, education, and corporate sectors using the same file transfer platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late May 2023, PBI Research Services experienced a cybersecurity incident stemming from a vulnerability in Progress Software’s MOVEit file transfer application, which was exploited by attackers as part of a broader global campaign. The breach impacted multiple entities worldwide, including federal and state governments, universities, healthcare organizations, and corporations. PBI utilized MOVEit for secure file transfers with certain clients, and the attackers compromised the administrative portal software, gaining access to private records belonging to a small subset of PBI’s clients. The intrusion did not penetrate PBI’s core internal systems or proprietary software, limiting the exposure to data processed through the MOVEit platform. The incident was identified after Progress Software disclosed the vulnerability and associated cyberattack, prompting PBI to investigate its implementation. Unauthorized access occurred through the exploitation of this zero-day flaw in MOVEit’s infrastructure, though the exact duration of access and specific data exfiltrated were not detailed in public communications. The compromise exclusively affected clients who relied on the MOVEit portal for administrative file transfers, with no evidence of lateral movement into other PBI networks or databases.
PBI Research Services initiated containment measures immediately upon confirmation of the breach, applying available security patches to their MOVEit instance to close the vulnerability. The company assembled a dedicated response team comprising cybersecurity and privacy specialists to assess the scope, mitigate risks, and coordinate remediation. Federal law enforcement agencies were notified in accordance with regulatory requirements, and impacted clients received direct communication regarding the exposure of their data. PBI prioritized client and individual privacy throughout the response, collaborating with affected organizations to facilitate customer notifications and support services. The global scale of the MOVEit campaign underscored the widespread consequences of the vulnerability, though PBI emphasized that only a limited fraction of its client base was compromised. No ransomware deployment or financial demands were disclosed in connection with PBI’s incident, distinguishing it from some other victims of the MOVEit attacks. The company maintained operational continuity by isolating the patched MOVEit environment while continuing normal business functions through its unaffected core systems.